Slashdot Mirror

← Back to Stories (view on slashdot.org)

Rowhammer Attack Can Now Root Android Devices (softpedia.com)

Posted by BeauHD on from the all-inclusion-attacks dept.

An anonymous reader writes from a report via Softpedia: Researchers have discovered a method to use the Rowhammer RAM attack for rooting Android devices. For their research paper, called Drammer: Deterministic Rowhammer Attacks on Mobile Platforms, researchers tested and found multiple smartphone models to be vulnerable to their attack. The list includes LG Nexus (4, 5, 5X), LG G4, Motorola Moto G (2013 and 2014), One Plus One, HTC Desire 510, Lenovo K3 Note, Xiaomi Mi 4i, and Samsung Galaxy (S4, S5, and S6) devices. Researchers estimate that millions of Android users might be vulnerable. The research team says the Drammer attack has far more wide-reaching implications than just Android, being able to exploit any device running on ARM chips. In the past, researchers have tested the Rowhammer attack against DDR3 and DDR4 memory cards, weaponized it via JavaScript, took over PCs via Microsoft Edge, and hijacked Linux virtual machines. There's an app to test if your phone is vulnerable to this attack. "Rowhammer is an unintended side effect in dynamic random-access memory (DRAM) that causes memory cells to leak their charges and interact electrically between themselves, possibly altering the contents of nearby memory rows that were not addressed in the original memory access," according to Wikipedia. "This circumvention of the isolation between DRAM memory cells results from the high cell density in modern DRAM, and can be triggered by specially crafted memory access patterns that rapidly activate the same memory rows numerous times."

3 of 100 comments (clear)

  1. Phew, my Galaxy Note 7 is safe! by Anonymous Coward · · Score: 3, Funny

    Lucky I upgra

  2. Re:Bug of feature? by peragrin · · Score: 5, Funny

    don't worry they are working on a java script version.

    That way they can root your device on the web and load the advertising directly to all of your contacts.

    oh wait that's called facebook.

    --
    i thought once I was found, but it was only a dream.
  3. Re:Researchers? by Gravis+Zero · · Score: 3, Funny

    Can we stop calling these fucktards researchers already? They are crackers not researchers damn!

    Yeah, I mean, researchers explain their methodology and publish papers about it! These are just the dumbest criminal hackers that put their names on some paper they published! Can't wait until they go to jail for their criminal deeds which they are obviously waiting do in the future! -_-

    --
    Anons need not reply. Questions end with a question mark.